CVE-2025-3387

Summary

A vulnerability classified as problematic has been found in renrenio renren-security up to 5.4.0. This affects an unknown part of the component JSON Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Affected Software

VendorProductVersion RangeStatus
renreniorenren-security5.0affected
renreniorenren-security5.1affected
renreniorenren-security5.2affected
renreniorenren-security5.3affected
renreniorenren-security5.4affected

Weaknesses

  • CWE-79: Cross Site Scripting
  • CWE-94: Code Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References